Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogic_ssh group 'NOPASSWD: ALL'. Possession of the matching private key gives an attacker root access to the appliance.
In the Virtual Appliance system, there exists a hidden user 'printerlogic' whose '~/.ssh/authorized_keys' file contains a predefined (hardcoded) SSH public key — the corresponding private key is known or can be obtained by an attacker. At the same time, the 'printerlogic_ssh' group has an entry in the sudoers configuration with the NOPASSWD: ALL option, meaning any command can be executed as root without password entry. An attacker connects remotely via SSH, authenticating with the possessed private key, and immediately escalates privileges to root level.
An attacker gains full control over the Virtual Appliance device with root privileges — can read, modify and delete data, install malicious software, take control of print services, and potentially use the device as a pivot point for further lateral movement in the network.
Patches available from the vendor must be applied according to the references (https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm and https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm). Until updates are applied, it is recommended to restrict SSH access to the appliance only to trusted IP addresses at the firewall level and monitor login attempts to the 'printerlogic' account.
Vasion Print (formerly PrinterLogic) Virtual Appliance Application and Virtual Appliance Host (VA/SaaS deployments); specific versions indicated in vendor references
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XVasion Virtual Appliance Application
APPVasionwszystkie wersjeVasion Virtual Appliance Host
APPVasionwszystkie wersje
Related vulnerabilities
Vasion Print Virtual Appliance — hasła w plikach plaintext dostępnych dla wszystkich
Vasion Print: hardcoded klucz prywatny SSL we wszystkich instancjach
Vasion Print: hardcoded klucz prywatny CA i hasło w plikach konfiguracyjnych
Hardcoded klucz prywatny GPG w Vasion Print Virtual Appliance
Vasion Print Virtual Appliance — nieautoryzowane RCE przez firmware-upload